Date of Award

3-14-2014

Document Type

Thesis

Degree Name

Master of Science

Department

Department of Electrical and Computer Engineering

First Advisor

Jonathan W. Butts, PhD.

Abstract

The Shodan computer search engine crawls the Internet attempting to identify any connected device. Using Shodan, researchers identified thousands of Internet-facing devices associated with industrial controls systems (ICS). This research examines the impact of Shodan on ICS security, evaluating Shodan's ability to identify Internet-connected ICS devices and assess if targeted attacks occur as a result of Shodan identification. In addition, this research evaluates the ability to limit device exposure to Shodan through service banner manipulation. Shodan's impact was evaluated by deploying four high-interaction, unsolicited honeypots over a 55 day period, each configured to represent Allen-Bradley programmable logic controllers (PLC). All four honeypots were successfully indexed and identifiable via the Shodan web interface in less than 19 days. Despite being indexed, there was no increased network activity or targeted ICS attacks. Although results indicate Shodan is an effective reconnaissance tool, results contrast claims of its use to broadly identify and target Internet-facing ICS devices. Additionally, the service banner for two PLCs were modified to evaluate the impact on Shodan indexing capabilities. Findings demonstrated service banner manipulation successfully limited device exposure from Shodan queries.

AFIT Designator

AFIT-ENG-14-M-14

DTIC Accession Number

ADA601219

Share

COinS